Add migration to change environment_roles role column from string to

enum type.
Fix tests and functions affected by the column type change.

alembic/versions/828d8c188dce_update_environment_roles_enum_list.py

@@ -0,0 +1,58 @@
+"""update environment_roles enum list
+
+Revision ID: 828d8c188dce
+Revises: 5d7198d34b91
+Create Date: 2020-01-08 16:08:03.879881
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+# revision identifiers, used by Alembic.
+revision = '828d8c188dce' # pragma: allowlist secret
+down_revision = '5d7198d34b91' # pragma: allowlist secret
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    conn = op.get_bind()
+    conn.execute(
+        """
+        UPDATE environment_roles
+        SET role = NULL
+        """
+    )
+
+    op.alter_column(
+        "environment_roles",
+        "role",
+        type_=sa.Enum(
+            "ADMIN",
+            "BILLING_READ",
+            "CONTRIBUTOR",
+            name="role",
+            native_enum=False,
+        ),
+        existing_type=sa.VARCHAR(),
+        nullable=True,
+    )
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.alter_column(
+        "environment_roles",
+        "status",
+        type_=sa.VARCHAR(),
+        existing_type=sa.Enum(
+            "ADMIN",
+            "BILLING_READ",
+            "CONTRIBUTOR",
+            name="status",
+            native_enum=False,
+        ),
+    )
+    # ### end Alembic commands ###

atst/forms/data.py

@@ -14,7 +14,7 @@ SERVICE_BRANCHES = [
 ]
 
 ENV_ROLE_NO_ACCESS = "No Access"
-ENV_ROLES = [(role.value, role.value) for role in CSPRole] + [
+ENV_ROLES = [(role.name, role.value) for role in CSPRole] + [
     (ENV_ROLE_NO_ACCESS, ENV_ROLE_NO_ACCESS)
 ]
 

atst/models/environment_role.py

@@ -9,10 +9,9 @@ import atst.models.types as types
 
 
 class CSPRole(Enum):
-    BASIC_ACCESS = "Basic Access"
-    NETWORK_ADMIN = "Network Admin"
-    BUSINESS_READ = "Business Read-only"
-    TECHNICAL_READ = "Technical Read-only"
+    ADMIN = "Admin"
+    BILLING_READ = "Billing Read-only"
+    CONTRIBUTOR = "Contributor"
 
 
 class EnvironmentRole(
@@ -26,7 +25,7 @@ class EnvironmentRole(
     )
     environment = relationship("Environment")
 
-    role = Column(String())
+    role = Column(SQLAEnum(CSPRole, native_enum=False), nullable=True)
 
     application_role_id = Column(
         UUID(as_uuid=True), ForeignKey("application_roles.id"), nullable=False

atst/routes/applications/settings.py

@@ -99,7 +99,7 @@ def filter_env_roles_form_data(member, environments):
 
         if len(env_roles_set) == 1:
             (env_role,) = env_roles_set
-            env_data["role"] = env_role.role
+            env_data["role"] = env_role.role.name
             env_data["disabled"] = env_role.disabled
 
         env_roles_form_data.append(env_data)

templates/applications/fragments/members.html

@@ -126,7 +126,7 @@
                         {{ env.environment_name }}
                       </span>
                       <span class="env-role__role">
-                        : {{ env.role }}
+                        : {{ env.role.value }}
                       </span>
                     </div>
                   {% endfor %}

tests/domain/test_applications.py

@@ -147,7 +147,7 @@ def test_invite():
         user_data=user_data,
         permission_sets_names=permission_sets_names,
         environment_roles_data=[
-            {"environment_id": env1.id, "role": CSPRole.BASIC_ACCESS.value},
+            {"environment_id": env1.id, "role": CSPRole.ADMIN},
             {"environment_id": env2.id, "role": None},
         ],
     )
@@ -173,8 +173,8 @@ def test_invite_to_nonexistent_environment():
             inviter=application.portfolio.owner,
             user_data=user_data,
             environment_roles_data=[
-                {"environment_id": env1.id, "role": CSPRole.BASIC_ACCESS.value},
-                {"environment_id": uuid4(), "role": CSPRole.BASIC_ACCESS.value},
+                {"environment_id": env1.id, "role": CSPRole.ADMIN},
+                {"environment_id": uuid4(), "role": CSPRole.ADMIN},
             ],
         )
 

tests/domain/test_environments.py

@@ -26,8 +26,8 @@ def test_create_environments():
 
 
 def test_update_env_role():
-    env_role = EnvironmentRoleFactory.create(role=CSPRole.BASIC_ACCESS.value)
-    new_role = CSPRole.TECHNICAL_READ.value
+    env_role = EnvironmentRoleFactory.create(role=CSPRole.ADMIN)
+    new_role = CSPRole.BILLING_READ
     Environments.update_env_role(
         env_role.environment, env_role.application_role, new_role
     )
@@ -35,7 +35,7 @@ def test_update_env_role():
 
 
 def test_update_env_role_no_access():
-    env_role = EnvironmentRoleFactory.create(role=CSPRole.BASIC_ACCESS.value)
+    env_role = EnvironmentRoleFactory.create(role=CSPRole.ADMIN)
     Environments.update_env_role(env_role.environment, env_role.application_role, None)
 
     assert not EnvironmentRoles.get(
@@ -46,15 +46,13 @@ def test_update_env_role_no_access():
 
 
 def test_update_env_role_disabled_role():
-    env_role = EnvironmentRoleFactory.create(role=CSPRole.BASIC_ACCESS.value)
+    env_role = EnvironmentRoleFactory.create(role=CSPRole.ADMIN)
     Environments.update_env_role(env_role.environment, env_role.application_role, None)
 
     # An exception should be raised when a new role is passed to Environments.update_env_role
     with pytest.raises(DisabledError):
         Environments.update_env_role(
-            env_role.environment,
-            env_role.application_role,
-            CSPRole.TECHNICAL_READ.value,
+            env_role.environment, env_role.application_role, CSPRole.BILLING_READ,
         )
 
     assert env_role.role is None

tests/factories.py

@@ -255,7 +255,7 @@ class EnvironmentRoleFactory(Base):
         model = EnvironmentRole
 
     environment = factory.SubFactory(EnvironmentFactory)
-    role = random.choice([e.value for e in CSPRole])
+    role = random.choice([e for e in CSPRole])
     application_role = factory.SubFactory(ApplicationRoleFactory)
 
 

tests/models/test_environments.py

@@ -28,7 +28,7 @@ def test_add_user_to_environment():
     EnvironmentRoleFactory.create(
         application_role=application_role,
         environment=dev_environment,
-        role=CSPRole.BASIC_ACCESS.value,
+        role=CSPRole.ADMIN,
     )
     assert developer in dev_environment.users
 
@@ -75,9 +75,9 @@ def test_environment_provisioning_status(env_data, expected_status):
 
 def test_environment_roles_do_not_include_deleted():
     member_list = [
-        {"role_name": CSPRole.BASIC_ACCESS.value},
-        {"role_name": CSPRole.BASIC_ACCESS.value},
-        {"role_name": CSPRole.BASIC_ACCESS.value},
+        {"role_name": CSPRole.ADMIN},
+        {"role_name": CSPRole.ADMIN},
+        {"role_name": CSPRole.ADMIN},
     ]
     env = EnvironmentFactory.create(members=member_list)
     role_1 = env.roles[0]

tests/routes/applications/test_init.py

@@ -9,9 +9,7 @@ def test_environment_access_with_env_role(client, user_session):
     app_role = ApplicationRoleFactory.create(
         user=user, application=environment.application
     )
-    EnvironmentRoleFactory.create(
-        application_role=app_role, environment=environment, role="developer"
-    )
+    EnvironmentRoleFactory.create(application_role=app_role, environment=environment)
     user_session(user)
     response = client.get(
         url_for("applications.access_environment", environment_id=environment.id)

tests/routes/applications/test_new.py

@@ -153,7 +153,7 @@ def test_post_new_member(monkeypatch, client, user_session, session):
             "user_data-dod_id": user.dod_id,
             "user_data-email": user.email,
             "environment_roles-0-environment_id": env.id,
-            "environment_roles-0-role": "Basic Access",
+            "environment_roles-0-role": "ADMIN",
             "environment_roles-0-environment_name": env.name,
             "environment_roles-1-environment_id": env_1.id,
             "environment_roles-1-role": NO_ACCESS,
@@ -201,7 +201,7 @@ def test_post_update_member(client, user_session):
         ),
         data={
             "environment_roles-0-environment_id": env.id,
-            "environment_roles-0-role": "Basic Access",
+            "environment_roles-0-role": "ADMIN",
             "environment_roles-0-environment_name": env.name,
             "environment_roles-1-environment_id": env_1.id,
             "environment_roles-1-role": NO_ACCESS,

tests/routes/applications/test_settings.py

@@ -129,11 +129,11 @@ def test_edit_application_environments_obj(app, client, user_session):
     env = application.environments[0]
     app_role1 = ApplicationRoleFactory.create(application=application)
     env_role1 = EnvironmentRoleFactory.create(
-        application_role=app_role1, environment=env, role=CSPRole.BASIC_ACCESS.value
+        application_role=app_role1, environment=env, role=CSPRole.ADMIN
     )
     app_role2 = ApplicationRoleFactory.create(application=application, user=None)
     env_role2 = EnvironmentRoleFactory.create(
-        application_role=app_role2, environment=env, role=CSPRole.NETWORK_ADMIN.value
+        application_role=app_role2, environment=env, role=CSPRole.CONTRIBUTOR
     )
 
     user_session(portfolio.owner)
@@ -180,7 +180,7 @@ def test_get_members_data(app, client, user_session):
         environments=[
             {
                 "name": "testing",
-                "members": [{"user": user, "role_name": CSPRole.BASIC_ACCESS.value}],
+                "members": [{"user": user, "role_name": CSPRole.ADMIN}],
             }
         ],
     )
@@ -402,7 +402,7 @@ def test_create_member(monkeypatch, client, user_session, session):
             "user_data-dod_id": user.dod_id,
             "user_data-email": user.email,
             "environment_roles-0-environment_id": env.id,
-            "environment_roles-0-role": "Basic Access",
+            "environment_roles-0-role": "ADMIN",
             "environment_roles-0-environment_name": env.name,
             "environment_roles-1-environment_id": env_1.id,
             "environment_roles-1-role": NO_ACCESS,
@@ -511,10 +511,10 @@ def test_update_member(client, user_session, session):
     env_2 = EnvironmentFactory.create(application=application)
     # add user to two of the environments: env and env_1
     updated_role = EnvironmentRoleFactory.create(
-        environment=env, application_role=app_role, role=CSPRole.BASIC_ACCESS.value
+        environment=env, application_role=app_role, role=CSPRole.ADMIN
     )
     suspended_role = EnvironmentRoleFactory.create(
-        environment=env_1, application_role=app_role, role=CSPRole.BASIC_ACCESS.value
+        environment=env_1, application_role=app_role, role=CSPRole.ADMIN
     )
 
     user_session(application.portfolio.owner)
@@ -528,13 +528,13 @@ def test_update_member(client, user_session, session):
         ),
         data={
             "environment_roles-0-environment_id": env.id,
-            "environment_roles-0-role": CSPRole.TECHNICAL_READ.value,
+            "environment_roles-0-role": "CONTRIBUTOR",
             "environment_roles-0-environment_name": env.name,
             "environment_roles-1-environment_id": env_1.id,
             "environment_roles-1-environment_name": env_1.name,
             "environment_roles-1-disabled": "True",
             "environment_roles-2-environment_id": env_2.id,
-            "environment_roles-2-role": CSPRole.NETWORK_ADMIN.value,
+            "environment_roles-2-role": "BILLING_READ",
             "environment_roles-2-environment_name": env_2.name,
             "perms_env_mgmt": True,
             "perms_team_mgmt": True,
@@ -565,7 +565,7 @@ def test_update_member(client, user_session, session):
     environment_roles = application.roles[0].environment_roles
     # check that the user has roles in the correct envs
     assert len(environment_roles) == 3
-    assert updated_role.role == CSPRole.TECHNICAL_READ.value
+    assert updated_role.role == CSPRole.CONTRIBUTOR
     assert suspended_role.disabled
 
 
@@ -695,7 +695,7 @@ def test_handle_create_member(monkeypatch, set_g, session):
             "user_data-dod_id": user.dod_id,
             "user_data-email": user.email,
             "environment_roles-0-environment_id": env.id,
-            "environment_roles-0-role": "Basic Access",
+            "environment_roles-0-role": "ADMIN",
             "environment_roles-0-environment_name": env.name,
             "environment_roles-1-environment_id": env_1.id,
             "environment_roles-1-role": NO_ACCESS,
@@ -718,7 +718,7 @@ def test_handle_create_member(monkeypatch, set_g, session):
     assert job_mock.called
 
 
-def test_handle_update_member(set_g):
+def test_handle_update_member_success(set_g):
     user = UserFactory.create()
     application = ApplicationFactory.create(
         environments=[{"name": "Naboo"}, {"name": "Endor"}]
@@ -732,7 +732,7 @@ def test_handle_update_member(set_g):
     form_data = ImmutableMultiDict(
         {
             "environment_roles-0-environment_id": env.id,
-            "environment_roles-0-role": "Basic Access",
+            "environment_roles-0-role": "ADMIN",
             "environment_roles-0-environment_name": env.name,
             "environment_roles-1-environment_id": env_1.id,
             "environment_roles-1-role": NO_ACCESS,
@@ -772,7 +772,7 @@ def test_handle_update_member_with_error(set_g, monkeypatch, mock_logger):
     form_data = ImmutableMultiDict(
         {
             "environment_roles-0-environment_id": env.id,
-            "environment_roles-0-role": "Basic Access",
+            "environment_roles-0-role": "ADMIN",
             "environment_roles-0-environment_name": env.name,
             "environment_roles-1-environment_id": env_1.id,
             "environment_roles-1-role": NO_ACCESS,

tests/test_access.py

@@ -213,7 +213,7 @@ def test_applications_access_environment_access(get_url_assert_status):
                 "environments": [
                     {
                         "name": "thebar",
-                        "members": [{"user": dev, "role_name": "devops"}],
+                        "members": [{"user": dev, "role_name": "ADMIN"}],
                     }
                 ],
             }

tests/test_jobs.py

@@ -24,7 +24,7 @@ from tests.factories import (
     PortfolioFactory,
     ApplicationRoleFactory,
 )
-from atst.models import EnvironmentRole, ApplicationRoleStatus
+from atst.models import CSPRole, EnvironmentRole, ApplicationRoleStatus
 
 
 @pytest.fixture(autouse=True, scope="function")
@@ -293,7 +293,7 @@ def test_do_provision_user(csp, session):
     environment_role = EnvironmentRoleFactory.create(
         environment=provisioned_environment,
         status=EnvironmentRole.Status.PENDING,
-        role="my_role",
+        role="ADMIN",
     )
 
     # When I call the user provisoning task
@@ -302,7 +302,7 @@ def test_do_provision_user(csp, session):
     session.refresh(environment_role)
     # I expect that the CSP create_or_update_user method will be called
     csp.create_or_update_user.assert_called_once_with(
-        credentials, environment_role, "my_role"
+        credentials, environment_role, CSPRole.ADMIN
     )
     # I expect that the EnvironmentRole now has a csp_user_id
     assert environment_role.csp_user_id